如何使用 gcloud 或其他 CLI 在 Google Container Registry 中列出已发布的容器镜像
How to list the published container images in the Google Container Registry using gcloud or another CLI
是否有 gcloud API 或其他命令行界面 (CLI) 来访问私有 Google Container Registry 中已发布容器镜像的列表? (即 Google Cloud Platform 项目中的容器注册表)
gcloud container 似乎没有帮助:
$ gcloud container
Usage: gcloud container [optional flags] <group | command>
group may be clusters | operations
command may be get-server-config
Deploy and manage clusters of machines for running containers.
flags:
--zone ZONE, -z ZONE The compute zone (e.g. us-central1-a) for the cluster
global flags:
Run `gcloud -h` for a description of flags available to all commands.
command groups:
clusters Deploy and teardown Google Container Engine clusters.
operations Get and list operations for Google Container Engine
clusters.
commands:
get-server-config Get Container Engine server config.
我也不想使用 gcloud docker 列出图像,因为它想连接到我没有的特定 docker 守护程序。除非有办法告诉 gcloud docker 连接到远程 public docker 守护进程,该守护进程可以读取通过我的项目推送到注册表的私有容器。
如果您知道托管图像的项目(例如 google-containers),您可以使用
列出图像
gcloud docker search gcr.io/google_containers
对于单个图像(例如 google-containers 项目中的 pause 图像),您可以使用
检查版本
curl https://gcr.io/v2/google-containers/pause/tags/list
Robert Bailey 给出的答案适用于某些任务,但可能缺少您特别想做的事情。尽管如此,您对他的回答的评论与其说是他的回答的错误,不如说是您对 "fail" 的命令实际含义的理解。
就您的第二条评论而言,
Using docker I get the following error (for the reasons mentioned
above; I also edited the question): Cannot connect to the Docker daemon. Is the docker daemon running on this host?
这是 docker 守护进程未 运行ning 的结果。通过 ps aux | grep docker 检查它是否 运行ning。您可以参考 Docker documentation 来确定如何正确安装和 运行 它。
就您的第一条评论而言,
Using curl I get: {"errors":[{"code":"DENIED","message":"Failed to read tags for repository '<my_project>/<my_image>'"}]}. I have to
authenticate somehow to access the images in a private registry. I
don't want to use docker because that means I have to have a docker
daemon available. I only want to see if a container image with a
particular version is in the Container Registry. So what I need is an
API to the Container Registry in the Google Developer Console.
您将无法 curl 图像,除非它是 public,如 Robert 的最新评论所述,或者除非您以某种方式提供了一些很棒的 oauth headers curl 的调用。
您应该使用 gcloud docker 尝试在注册表中列出图像,就像您在其他 docker 注册表中一样。 gcloud container 命令组对于您想要的任务来说是错误的。您可以在下面看到 gcloud version 96.0.0(截至本评论的最新版本)针对 docker 命令组的输出:
$ gcloud docker
Usage: docker [OPTIONS] COMMAND [arg...]
docker daemon [ --help | ... ]
docker [ --help | -v | --version ]
A self-sufficient runtime for containers.
Options:
--config=~/.docker Location of client config files
-D, --debug=false Enable debug mode
--disable-legacy-registry=false Do not contact legacy registries
-H, --host=[] Daemon socket(s) to connect to
-h, --help=false Print usage
-l, --log-level=info Set the logging level
--tls=false Use TLS; implied by --tlsverify
--tlscacert=~/.docker/ca.pem Trust certs signed only by this CA
--tlscert=~/.docker/cert.pem Path to TLS certificate file
--tlskey=~/.docker/key.pem Path to TLS key file
--tlsverify=false Use TLS and verify the remote
-v, --version=false Print version information and quit
Commands:
attach Attach to a running container
build Build an image from a Dockerfile
commit Create a new image from a container's changes
cp Copy files/folders between a container and the local filesystem
create Create a new container
diff Inspect changes on a container's filesystem
events Get real time events from the server
exec Run a command in a running container
export Export a container's filesystem as a tar archive
history Show the history of an image
images List images
import Import the contents from a tarball to create a filesystem image
info Display system-wide information
inspect Return low-level information on a container or image
kill Kill a running container
load Load an image from a tar archive or STDIN
login Register or log in to a Docker registry
logout Log out from a Docker registry
logs Fetch the logs of a container
network Manage Docker networks
pause Pause all processes within a container
port List port mappings or a specific mapping for the CONTAINER
ps List containers
pull Pull an image or a repository from a registry
push Push an image or a repository to a registry
rename Rename a container
restart Restart a container
rm Remove one or more containers
rmi Remove one or more images
run Run a command in a new container
save Save an image(s) to a tar archive
search Search the Docker Hub for images
start Start one or more stopped containers
stats Display a live stream of container(s) resource usage statistics
stop Stop a running container
tag Tag an image into a repository
top Display the running processes of a container
unpause Unpause all processes within a container
version Show the Docker version information
volume Manage Docker volumes
wait Block until a container stops, then print its exit code
Run 'docker COMMAND --help' for more information on a command.
您应该使用 gcloud docker search gcr.io/project-id 检查存储库中有哪些图像。 gcloud 拥有您的凭据,因此只要您作为项目的适当用户通过身份验证,它就可以与私有注册表通信。
最后,作为补充资源:Cloud Platform 文档有一整篇关于使用 Google Container Registry 的文章。
我目前最好的解决方案是没有可用的本地 docker 并且无法连接到远程 docker(这仍然至少需要本地 docker 客户端,但是不是本地守护进程 运行),而是通过 SSH 连接到运行 docker 的容器集群实例,并在那里完成我的搜索并在我的原始脚本中获得结果:
gcloud compute ssh <container_cluster_instance> -C "sudo gcloud docker search ..."
当然,为了避免所有冗长的输出(如 SSH/Terminal 欢迎消息),我使用了一些参数来稍微静默执行:
gcloud compute ssh --ssh-flag="-q" "$INSTANCE_NAME" -o LogLevel=quiet -C "sudo gcloud docker search ..."
我刚刚找到了一种更简单的方法来检查特定图像。验证 gcloud 后,使用它生成访问令牌以从您的私有注册表中读取:
curl -u "oauth2accesstoken:$(gcloud auth print-access-token)" https://gcr.io/v2/<projectName>/<imageName>/tags/list
我们刚刚发布了一个新命令来列出存储库中的图像!您可以尝试使用:
gcloud alpha container images list --repository=gcr.io/$MYREPOSITORY
如果您想查看图片的特定标签,您可以使用:
gcloud alpha container images list-tags gcr.io/$MYREPOSITORY/$MYIMAGE
是否有 gcloud API 或其他命令行界面 (CLI) 来访问私有 Google Container Registry 中已发布容器镜像的列表? (即 Google Cloud Platform 项目中的容器注册表)
gcloud container 似乎没有帮助:
$ gcloud container
Usage: gcloud container [optional flags] <group | command>
group may be clusters | operations
command may be get-server-config
Deploy and manage clusters of machines for running containers.
flags:
--zone ZONE, -z ZONE The compute zone (e.g. us-central1-a) for the cluster
global flags:
Run `gcloud -h` for a description of flags available to all commands.
command groups:
clusters Deploy and teardown Google Container Engine clusters.
operations Get and list operations for Google Container Engine
clusters.
commands:
get-server-config Get Container Engine server config.
我也不想使用 gcloud docker 列出图像,因为它想连接到我没有的特定 docker 守护程序。除非有办法告诉 gcloud docker 连接到远程 public docker 守护进程,该守护进程可以读取通过我的项目推送到注册表的私有容器。
如果您知道托管图像的项目(例如 google-containers),您可以使用
gcloud docker search gcr.io/google_containers
对于单个图像(例如 google-containers 项目中的 pause 图像),您可以使用
curl https://gcr.io/v2/google-containers/pause/tags/list
Robert Bailey 给出的答案适用于某些任务,但可能缺少您特别想做的事情。尽管如此,您对他的回答的评论与其说是他的回答的错误,不如说是您对 "fail" 的命令实际含义的理解。
就您的第二条评论而言,
Using docker I get the following error (for the reasons mentioned above; I also edited the question):
Cannot connect to the Docker daemon. Is the docker daemon running on this host?
这是 docker 守护进程未 运行ning 的结果。通过 ps aux | grep docker 检查它是否 运行ning。您可以参考 Docker documentation 来确定如何正确安装和 运行 它。
就您的第一条评论而言,
Using curl I get:
{"errors":[{"code":"DENIED","message":"Failed to read tags for repository '<my_project>/<my_image>'"}]}. I have to authenticate somehow to access the images in a private registry. I don't want to use docker because that means I have to have a docker daemon available. I only want to see if a container image with a particular version is in the Container Registry. So what I need is an API to the Container Registry in the Google Developer Console.
您将无法 curl 图像,除非它是 public,如 Robert 的最新评论所述,或者除非您以某种方式提供了一些很棒的 oauth headers curl 的调用。
您应该使用 gcloud docker 尝试在注册表中列出图像,就像您在其他 docker 注册表中一样。 gcloud container 命令组对于您想要的任务来说是错误的。您可以在下面看到 gcloud version 96.0.0(截至本评论的最新版本)针对 docker 命令组的输出:
$ gcloud docker
Usage: docker [OPTIONS] COMMAND [arg...]
docker daemon [ --help | ... ]
docker [ --help | -v | --version ]
A self-sufficient runtime for containers.
Options:
--config=~/.docker Location of client config files
-D, --debug=false Enable debug mode
--disable-legacy-registry=false Do not contact legacy registries
-H, --host=[] Daemon socket(s) to connect to
-h, --help=false Print usage
-l, --log-level=info Set the logging level
--tls=false Use TLS; implied by --tlsverify
--tlscacert=~/.docker/ca.pem Trust certs signed only by this CA
--tlscert=~/.docker/cert.pem Path to TLS certificate file
--tlskey=~/.docker/key.pem Path to TLS key file
--tlsverify=false Use TLS and verify the remote
-v, --version=false Print version information and quit
Commands:
attach Attach to a running container
build Build an image from a Dockerfile
commit Create a new image from a container's changes
cp Copy files/folders between a container and the local filesystem
create Create a new container
diff Inspect changes on a container's filesystem
events Get real time events from the server
exec Run a command in a running container
export Export a container's filesystem as a tar archive
history Show the history of an image
images List images
import Import the contents from a tarball to create a filesystem image
info Display system-wide information
inspect Return low-level information on a container or image
kill Kill a running container
load Load an image from a tar archive or STDIN
login Register or log in to a Docker registry
logout Log out from a Docker registry
logs Fetch the logs of a container
network Manage Docker networks
pause Pause all processes within a container
port List port mappings or a specific mapping for the CONTAINER
ps List containers
pull Pull an image or a repository from a registry
push Push an image or a repository to a registry
rename Rename a container
restart Restart a container
rm Remove one or more containers
rmi Remove one or more images
run Run a command in a new container
save Save an image(s) to a tar archive
search Search the Docker Hub for images
start Start one or more stopped containers
stats Display a live stream of container(s) resource usage statistics
stop Stop a running container
tag Tag an image into a repository
top Display the running processes of a container
unpause Unpause all processes within a container
version Show the Docker version information
volume Manage Docker volumes
wait Block until a container stops, then print its exit code
Run 'docker COMMAND --help' for more information on a command.
您应该使用 gcloud docker search gcr.io/project-id 检查存储库中有哪些图像。 gcloud 拥有您的凭据,因此只要您作为项目的适当用户通过身份验证,它就可以与私有注册表通信。
最后,作为补充资源:Cloud Platform 文档有一整篇关于使用 Google Container Registry 的文章。
我目前最好的解决方案是没有可用的本地 docker 并且无法连接到远程 docker(这仍然至少需要本地 docker 客户端,但是不是本地守护进程 运行),而是通过 SSH 连接到运行 docker 的容器集群实例,并在那里完成我的搜索并在我的原始脚本中获得结果:
gcloud compute ssh <container_cluster_instance> -C "sudo gcloud docker search ..."
当然,为了避免所有冗长的输出(如 SSH/Terminal 欢迎消息),我使用了一些参数来稍微静默执行:
gcloud compute ssh --ssh-flag="-q" "$INSTANCE_NAME" -o LogLevel=quiet -C "sudo gcloud docker search ..."
我刚刚找到了一种更简单的方法来检查特定图像。验证 gcloud 后,使用它生成访问令牌以从您的私有注册表中读取:
curl -u "oauth2accesstoken:$(gcloud auth print-access-token)" https://gcr.io/v2/<projectName>/<imageName>/tags/list
我们刚刚发布了一个新命令来列出存储库中的图像!您可以尝试使用:
gcloud alpha container images list --repository=gcr.io/$MYREPOSITORY
如果您想查看图片的特定标签,您可以使用:
gcloud alpha container images list-tags gcr.io/$MYREPOSITORY/$MYIMAGE